[Oisf-users] OPNids - Any thoughts?

fatema bannatwala fatema.bannatwala at gmail.com
Mon Mar 25 20:40:30 UTC 2019


Hi,

So recently I was reading about the OPNids project and thought to give it a
try.
And, as a new user complaining, I had a few unclear thoughts that I thought to
share with the list.

First off, the documentation is a little hard to decode, and I was having
trouble installing OPNids from a USB stick. But finally I tried the virtual
installation with the ISO and it installed correctly.
The web GUI is good with all the knobs and buttons, and user-friendly
options.

After reading so much about the "OPNids being the first integration of
Suricata Signature Inspection with a Machine Learning Scripting Engine
(MLE)" I thought it already came with MLE installed and integrated with
Suricata in the installation package, which comes with the pre-built OS
(FreeBSD) and other pre-installed services.

But unfortunately it does not. DragonFly MLE has to be manually installed
on the OPNids system and proper configuration is needed to integrate it
with Suricata, which makes me think: how is that different from the
situation of just having Suricata installed on one of the servers with an OS
of our choice, and then installing MLE on the same server, integrating it
with Suri and using it for ML analysis?

It was a little disappointing to learn that apparently OPNids is nothing
but Suricata with a couple of other services installed on a box, EXCEPT MLE...
Hmm, kinda sad.

And also, has someone tried to play around with it and would like to
share their experience/thoughts?

Thanks,
Fatema.